I tweet now

Free Cookies

Does antivirus rain on your antivirus testing?

Suppose you need to test your antivirus software, but you don’t have a virus laying around to test with. How do you get a virus to test with? Sounds dangerous.

Luckily, smarter people than I have already thought of this problem. The solution is the EICAR test file/string. It’s a harmless string that most (almost all) antivirus vendors treat as a virus. The idea is that you can use this file instead of a live virus. If your antivirus alerts on it, you know all is good. If it doesn’t, then your antivirus doesn’t work.

So if you’re doing some security research* and need the EICAR test string you may run into a chicken and egg problem. You need the test string, but every time you download it your antivirus program deletes it right away!